Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932974AbcLMNdg (ORCPT ); Tue, 13 Dec 2016 08:33:36 -0500 Received: from netrider.rowland.org ([192.131.102.5]:39491 "HELO netrider.rowland.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with SMTP id S932564AbcLMNdf (ORCPT ); Tue, 13 Dec 2016 08:33:35 -0500 Date: Tue, 13 Dec 2016 08:33:34 -0500 (EST) From: Alan Stern X-X-Sender: stern@netrider.rowland.org To: Michal Hocko cc: Andrey Konovalov , Felipe Balbi , Greg Kroah-Hartman , Al Viro , Marek Szyprowski , Deepa Dinamani , Mathieu Laurendeau , Bin Liu , USB list , LKML , syzkaller , Dmitry Vyukov , Kostya Serebryany , Cristopher Lameter Subject: Re: usb/gadget: warning in ep_write_iter/__alloc_pages_nodemask In-Reply-To: <20161213080426.GA10492@dhcp22.suse.cz> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1407 Lines: 32 On Tue, 13 Dec 2016, Michal Hocko wrote: > > > That being said, what ep_write_iter does sounds quite stupit. It just > > > allocates a large continuous buffer which seems to be under user > > > control... Aka no good! It should do that per pages or something like > > > that. Something worth fixing > > > > It's not important enough to make the driver do all this work. If > > users want to send large amounts of data, they can send it a page at a > > time (or something like that). > > Is it really necessary to allocate the full iov_iter_count? Why cannot > we process the from buffer one page at a time? We could (although one page is really too small -- USB 3.1 can transfer 800 KB per ms so we ought to handle at least 128 KB at a time). But turn the argument around: If the user wants to transfer that much data, why can't he _submit_ it one page at a time? > > If you really want to prevent the driver from attempting to allocate a > > large buffer, all that's needed is an upper limit on the total size. > > For example, 64 KB. > > Well, my point was that it is not really hard to imagine to deplete > larger contiguous memory blocks (say PAGE_ALLOC_COSTLY_ORDER). Those are > still causing the OOM killer and chances are that a controlled flood of > these requests could completely DoS the system. Putting a limit on the total size of a single transfer would prevent this. Alan Stern